From 4abded8025a47990e58cd0a5fe9b96e38f4a3715 Mon Sep 17 00:00:00 2001 From: rebortg Date: Sun, 29 Nov 2020 21:52:28 +0100 Subject: arrange: interfaces --- docs/configuration/interfaces/macsec.rst | 191 +++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 docs/configuration/interfaces/macsec.rst (limited to 'docs/configuration/interfaces/macsec.rst') diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst new file mode 100644 index 00000000..ebc8f151 --- /dev/null +++ b/docs/configuration/interfaces/macsec.rst @@ -0,0 +1,191 @@ +.. _macsec-interface: + +###### +MACsec +###### + +MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. +It defines a way to establish a protocol independent connection between two +hosts with data confidentiality, authenticity and/or integrity, using +GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 +protocol, which means it's designed to secure traffic within a layer 2 network, +including DHCP or ARP requests. It does not compete with other security +solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are +used for their own specific use cases. + +************* +Configuration +************* + +Common interface configuration +============================== + +.. cmdinclude:: ../_include/interface-common-with-dhcp.txt + :var0: macsec + :var1: macsec0 + +MACsec options +============== + +.. cfgcmd:: set interfaces macsec security cipher [gcm-aes-128] + + Select cipher suite used for cryptographic operations. This setting is + mandatory. + + .. note:: gcm-aes-256 support planned once iproute2 package is updated to + version >=5.2. + +.. cfgcmd:: set interfaces macsec security encrypt + + MACsec only provides authentication by default, encryption is optional. This + command will enable encryption for all outgoing packets. + +.. cfgcmd:: set interfaces macsec source-interface + + A physical interface is required to connect this MACsec instance to. Traffic + leaving this interfac will now be authenticated/encrypted. + +Key Management +-------------- + +:abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between +individual peers. + +.. cfgcmd:: set interfaces macsec security mka cak + + IEEE 802.1X/MACsec pre-shared key mode. This allows to configure MACsec with + a pre-shared key using a (CAK,CKN) pair. + +.. cfgcmd:: set interfaces macsec security mka ckn + + CAK Name + +.. cfgcmd:: set interfaces macsec security mka priority + + The peer with lower priority will become the key server and start + distributing SAKs. + +Replay protection +----------------- + +.. cfgcmd:: set interfaces macsec security replay-window + + IEEE 802.1X/MACsec replay protection window. This determines a window in which + replay is tolerated, to allow receipt of frames that have been misordered by + the network. + + - ``0``: No replay window, strict check + - ``1-4294967295``: Number of packets that could be misordered + +********* +Operation +********* + +.. opcmd:: run generate macsec mka-cak + + Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key + + .. code-block:: none + + vyos@vyos:~$ generate macsec mka-cak + 20693b6e08bfa482703a563898c9e3ad + + +.. opcmd:: run generate macsec mka-ckn + + Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key + + .. code-block:: none + + vyos@vyos:~$ generate macsec mka-ckn + 88737efef314ee319b2cbf30210a5f164957d884672c143aefdc0f5f6bc49eb2 + +.. opcmd:: show interfaces macsec + + List all MACsec interfaces + + .. code-block:: none + + vyos@vyos:~$ show interfaces macsec + 17: macsec1: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off + cipher suite: GCM-AES-128, using ICV length 16 + TXSC: 005056bfefaa0001 on SA 0 + 20: macsec0: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off + cipher suite: GCM-AES-128, using ICV length 16 + TXSC: 005056bfefaa0001 on SA 0 + +.. opcmd:: show interfaces macsec + + Show specific MACsec interface information + + .. code-block:: none + + vyos@vyos:~$ show interfaces macsec macsec1 + 17: macsec1: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off + cipher suite: GCM-AES-128, using ICV length 16 + TXSC: 005056bfefaa0001 on SA 0 + +******** +Examples +******** + +* Two routers connected both via eth1 through an untrusted switch +* R1 has 192.0.2.1/24 & 2001:db8::1/64 +* R2 has 192.0.2.2/24 & 2001:db8::2/64 + +**R1** + +.. code-block:: none + + set interfaces macsec macsec1 address '192.0.2.1/24' + set interfaces macsec macsec1 address '2001:db8::1/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4' + set interfaces macsec macsec1 security mka ckn '40916f4b23e3d548ad27eedd2d10c6f98c2d21684699647d63d41b500dfe8836' + set interfaces macsec macsec1 source-interface 'eth1' + +**R2** + +.. code-block:: none + + set interfaces macsec macsec1 address '192.0.2.2/24' + set interfaces macsec macsec1 address '2001:db8::2/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4' + set interfaces macsec macsec1 security mka ckn '40916f4b23e3d548ad27eedd2d10c6f98c2d21684699647d63d41b500dfe8836' + set interfaces macsec macsec1 source-interface 'eth1' + +Pinging (IPv6) the other host and intercepting the traffic in ``eth1`` will +show you the content is encrypted. + +.. code-block:: none + + 17:35:44.586668 00:50:56:bf:ef:aa > 00:50:56:b3:ad:d6, ethertype Unknown (0x88e5), length 150: + 0x0000: 2c00 0000 000a 0050 56bf efaa 0001 d9fb ,......PV....... + 0x0010: 920a 8b8d 68ed 9609 29dd e767 25a4 4466 ....h...)..g%.Df + 0x0020: 5293 487b 9990 8517 3b15 22c7 ea5c ac83 R.H{....;."..\.. + 0x0030: 4c6e 13cf 0743 f917 2c4e 694e 87d1 0f09 Ln...C..,NiN.... + 0x0040: 0f77 5d53 ed75 cfe1 54df 0e5a c766 93cb .w]S.u..T..Z.f.. + 0x0050: c4f2 6e23 f200 6dfe 3216 c858 dcaa a73b ..n#..m.2..X...; + 0x0060: 4dd1 9358 d9e4 ed0e 072f 1acc 31c4 f669 M..X...../..1..i + 0x0070: e93a 9f38 8a62 17c6 2857 6ac5 ec11 8b0e .:.8.b..(Wj..... + 0x0080: 6b30 92a5 7ccc 720b k0..|.r. + +Disabling the encryption on the link by removing ``security encrypt`` will show +the unencrypted but authenticated content. + +.. code-block:: none + + 17:37:00.746155 00:50:56:bf:ef:aa > 00:50:56:b3:ad:d6, ethertype Unknown (0x88e5), length 150: + 0x0000: 2000 0000 0009 0050 56bf efaa 0001 86dd .......PV....... + 0x0010: 6009 86f3 0040 3a40 2001 0db8 0000 0000 `....@:@........ + 0x0020: 0000 0000 0000 0001 2001 0db8 0000 0000 ................ + 0x0030: 0000 0000 0000 0002 8100 d977 0f30 0003 ...........w.0.. + 0x0040: 1ca0 c65e 0000 0000 8d93 0b00 0000 0000 ...^............ + 0x0050: 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f ................ + 0x0060: 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f .!"#$%&'()*+,-./ + 0x0070: 3031 3233 3435 3637 87d5 eed3 3a39 d52b 01234567....:9.+ + 0x0080: a282 c842 5254 ef28 ...BRT.( + -- cgit v1.2.3 From e33e1268f944be445b5a771df0e97e913487512f Mon Sep 17 00:00:00 2001 From: rebortg Date: Mon, 30 Nov 2020 19:46:59 +0100 Subject: change include to absolute path --- docs/_ext/vyos.py | 9 ++++++-- docs/_include/interface-common-with-dhcp.txt | 8 +++---- docs/_include/interface-common-without-dhcp.txt | 4 ++-- docs/_include/interface-common.txt | 18 ++++++++-------- docs/_include/interface-dhcpv6-options.txt | 2 +- docs/_include/interface-vlan-8021ad.txt | 26 +++++++++++------------ docs/_include/interface-vlan-8021q.txt | 24 ++++++++++----------- docs/configuration/firewall/index.rst | 1 + docs/configuration/interfaces/bonding.rst | 4 ++-- docs/configuration/interfaces/bridge.rst | 4 ++-- docs/configuration/interfaces/dummy.rst | 8 +++---- docs/configuration/interfaces/ethernet.rst | 6 +++--- docs/configuration/interfaces/geneve.rst | 2 +- docs/configuration/interfaces/l2tpv3.rst | 4 ++-- docs/configuration/interfaces/loopback.rst | 4 ++-- docs/configuration/interfaces/macsec.rst | 2 +- docs/configuration/interfaces/openvpn.rst | 2 +- docs/configuration/interfaces/pppoe.rst | 8 +++---- docs/configuration/interfaces/pseudo-ethernet.rst | 4 ++-- docs/configuration/interfaces/tunnel.rst | 2 +- docs/configuration/interfaces/vxlan.rst | 2 +- docs/configuration/interfaces/wireless.rst | 6 +++--- docs/configuration/interfaces/wirelessmodem.rst | 6 +++--- docs/configuration/nat/nptv6.rst | 2 +- docs/configuration/policy/index.rst | 4 ++-- docs/contributing/debugging.rst | 2 +- docs/contributing/development.rst | 2 +- docs/contributing/documentation.rst | 2 +- docs/contributing/issues-features.rst | 2 +- docs/interfaces/advanced-index.rst | 23 -------------------- docs/interfaces/basic-index.rst | 12 ----------- docs/routing/bfd.rst | 2 +- docs/routing/ospf.rst | 2 +- docs/routing/rip.rst | 2 +- docs/services/conntrack.rst | 2 +- docs/services/ipoe-server.rst | 4 ++-- docs/services/pppoe-server.rst | 2 +- docs/system/lcd.rst | 2 +- docs/vpn/sstp.rst | 2 +- 39 files changed, 97 insertions(+), 126 deletions(-) delete mode 100644 docs/interfaces/advanced-index.rst delete mode 100644 docs/interfaces/basic-index.rst (limited to 'docs/configuration/interfaces/macsec.rst') diff --git a/docs/_ext/vyos.py b/docs/_ext/vyos.py index 89cc8ab7..4a974b46 100644 --- a/docs/_ext/vyos.py +++ b/docs/_ext/vyos.py @@ -3,7 +3,7 @@ import json import os from docutils import io, nodes, utils, statemachine from docutils.parsers.rst.roles import set_classes -from docutils.parsers.rst import Directive, directives +from docutils.parsers.rst import Directive, directives, states from sphinx.util.docutils import SphinxDirective @@ -173,7 +173,7 @@ class inlinecmd(nodes.inline): #self.literal_whitespace -= 1 -class CfgInclude(Directive): +class CfgInclude(SphinxDirective): required_arguments = 1 optional_arguments = 0 final_argument_whitespace = True @@ -189,10 +189,15 @@ class CfgInclude(Directive): 'var8': str, 'var9': str } + standard_include_path = os.path.join(os.path.dirname(states.__file__), + 'include') def run(self): ### Copy from include directive docutils """Include a file as part of the content of this reST file.""" + rel_filename, filename = self.env.relfn2path(self.arguments[0]) + self.arguments[0] = filename + self.env.note_included(filename) if not self.state.document.settings.file_insertion_enabled: raise self.warning('"%s" directive disabled.' % self.name) source = self.state_machine.input_lines.source( diff --git a/docs/_include/interface-common-with-dhcp.txt b/docs/_include/interface-common-with-dhcp.txt index 3e1394a3..1cacdd53 100644 --- a/docs/_include/interface-common-with-dhcp.txt +++ b/docs/_include/interface-common-with-dhcp.txt @@ -1,17 +1,17 @@ -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-common.txt +.. cmdinclude:: /_include/interface-common.txt :var0: {{ var0 }} :var1: {{ var1 }} **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt :var0: {{ var0 }} :var1: {{ var1 }} diff --git a/docs/_include/interface-common-without-dhcp.txt b/docs/_include/interface-common-without-dhcp.txt index d861f003..73d39dd0 100644 --- a/docs/_include/interface-common-without-dhcp.txt +++ b/docs/_include/interface-common-without-dhcp.txt @@ -1,7 +1,7 @@ -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-common.txt +.. cmdinclude:: /_include/interface-common.txt :var0: {{ var0 }} :var1: {{ var1 }} diff --git a/docs/_include/interface-common.txt b/docs/_include/interface-common.txt index de29356f..68c9c448 100644 --- a/docs/_include/interface-common.txt +++ b/docs/_include/interface-common.txt @@ -1,36 +1,36 @@ -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable-flow-control.txt +.. cmdinclude:: /_include/interface-disable-flow-control.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt :var0: {{ var0 }} :var1: {{ var1 }} -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: {{ var0 }} :var1: {{ var1 }} diff --git a/docs/_include/interface-dhcpv6-options.txt b/docs/_include/interface-dhcpv6-options.txt index a54a7dce..a47d9f32 100644 --- a/docs/_include/interface-dhcpv6-options.txt +++ b/docs/_include/interface-dhcpv6-options.txt @@ -30,7 +30,7 @@ set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} dhcpv6-options temporary -.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: {{ var2 }} diff --git a/docs/_include/interface-vlan-8021ad.txt b/docs/_include/interface-vlan-8021ad.txt index a1e971be..12925ad4 100644 --- a/docs/_include/interface-vlan-8021ad.txt +++ b/docs/_include/interface-vlan-8021ad.txt @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt IEEE 802.1ad_ was an Ethernet networking standard informally known as QinQ as an amendment to IEEE standard 802.1q VLAN interfaces as described above. @@ -28,7 +28,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8). -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -38,7 +38,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -48,7 +48,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -58,7 +58,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -68,7 +68,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -78,7 +78,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -88,7 +88,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -98,7 +98,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -108,7 +108,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -120,7 +120,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -130,7 +130,7 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif-s @@ -140,4 +140,4 @@ tag is the one closer/closest to the Ethernet header, its name is S-TAG :var6: :var7: 20 -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/_include/interface-vlan-8021q.txt b/docs/_include/interface-vlan-8021q.txt index 2c7e58f7..37f652f3 100644 --- a/docs/_include/interface-vlan-8021q.txt +++ b/docs/_include/interface-vlan-8021q.txt @@ -29,63 +29,63 @@ term used for this is ``vif``. .. note:: Only 802.1Q-tagged packets are accepted on Ethernet vifs. -.. cmdinclude:: ../_include/interface-address-with-dhcp.txt +.. cmdinclude:: /_include/interface-address-with-dhcp.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-disable-link-detect.txt +.. cmdinclude:: /_include/interface-disable-link-detect.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-mac.txt +.. cmdinclude:: /_include/interface-mac.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-mtu.txt +.. cmdinclude:: /_include/interface-mtu.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-ipv6-addr-autoconf.txt +.. cmdinclude:: /_include/interface-ipv6-addr-autoconf.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-ipv6-addr-eui64.txt +.. cmdinclude:: /_include/interface-ipv6-addr-eui64.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif @@ -94,18 +94,18 @@ term used for this is ``vif``. **DHCP(v6)** -.. cmdinclude:: ../_include/interface-dhcp-options.txt +.. cmdinclude:: /_include/interface-dhcp-options.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. cmdinclude:: ../_include/interface-dhcpv6-options.txt +.. cmdinclude:: /_include/interface-dhcpv6-options.txt :var0: {{ var0 }} :var1: {{ var1 }} :var2: vif :var3: :var4: 10 -.. include:: ../common-references.rst \ No newline at end of file +.. include:: /common-references.rst \ No newline at end of file diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 870e9a08..d9a3ebe3 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -3,6 +3,7 @@ Firewall ======== + Overview -------- diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 7faddd6f..8ec8f34d 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -17,7 +17,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: bond :var1: bond0 @@ -259,7 +259,7 @@ Bond options VLAN ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt :var0: bond :var1: bond0 diff --git a/docs/configuration/interfaces/bridge.rst b/docs/configuration/interfaces/bridge.rst index dc94a761..766d2aa5 100644 --- a/docs/configuration/interfaces/bridge.rst +++ b/docs/configuration/interfaces/bridge.rst @@ -21,7 +21,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: bridge :var1: br0 @@ -116,7 +116,7 @@ links providing fault tolerance if an active link fails. VLAN ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt :var0: bridge :var1: br0 diff --git a/docs/configuration/interfaces/dummy.rst b/docs/configuration/interfaces/dummy.rst index c36d0024..c9845230 100644 --- a/docs/configuration/interfaces/dummy.rst +++ b/docs/configuration/interfaces/dummy.rst @@ -25,19 +25,19 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt :var0: dummy :var1: dum0 -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: dummy :var1: dum0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: dummy :var1: dum0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: dummy :var1: dum0 diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index f2ab3f67..9311c947 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -14,7 +14,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: ethernet :var1: eth0 @@ -72,14 +72,14 @@ VLAN Regular VLANs (802.1q) ---------------------- -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt :var0: ethernet :var1: eth0 QinQ (802.1ad) -------------- -.. cmdinclude:: ../_include/interface-vlan-8021ad.txt +.. cmdinclude:: /_include/interface-vlan-8021ad.txt :var0: ethernet :var1: eth0 diff --git a/docs/configuration/interfaces/geneve.rst b/docs/configuration/interfaces/geneve.rst index 47068687..9e00d621 100644 --- a/docs/configuration/interfaces/geneve.rst +++ b/docs/configuration/interfaces/geneve.rst @@ -39,7 +39,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt :var0: geneve :var1: gnv0 diff --git a/docs/configuration/interfaces/l2tpv3.rst b/docs/configuration/interfaces/l2tpv3.rst index 4c9cbf9b..a4b7be36 100644 --- a/docs/configuration/interfaces/l2tpv3.rst +++ b/docs/configuration/interfaces/l2tpv3.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _l2tpv3-interface: @@ -31,7 +31,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt :var0: l2tpv3 :var1: l2tpeth0 diff --git a/docs/configuration/interfaces/loopback.rst b/docs/configuration/interfaces/loopback.rst index a6d659b5..f7386c62 100644 --- a/docs/configuration/interfaces/loopback.rst +++ b/docs/configuration/interfaces/loopback.rst @@ -26,11 +26,11 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-address.txt +.. cmdinclude:: /_include/interface-address.txt :var0: loopback :var1: lo -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: loopback :var1: lo diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index ebc8f151..2bf643aa 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -20,7 +20,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: macsec :var1: macsec0 diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index c6934335..7646959c 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -581,4 +581,4 @@ The following commands let you reset OpenVPN. -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/configuration/interfaces/pppoe.rst b/docs/configuration/interfaces/pppoe.rst index 313edd84..decfd348 100644 --- a/docs/configuration/interfaces/pppoe.rst +++ b/docs/configuration/interfaces/pppoe.rst @@ -59,15 +59,15 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: pppoe :var1: pppoe0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: pppoe :var1: pppoe0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: pppoe :var1: pppoe0 @@ -177,7 +177,7 @@ IPv6 Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC). -.. cmdinclude:: ../_include/interface-dhcpv6-prefix-delegation.txt +.. cmdinclude:: /_include/interface-dhcpv6-prefix-delegation.txt :var0: pppoe :var1: pppoe0 diff --git a/docs/configuration/interfaces/pseudo-ethernet.rst b/docs/configuration/interfaces/pseudo-ethernet.rst index c2baca39..0471d2e1 100644 --- a/docs/configuration/interfaces/pseudo-ethernet.rst +++ b/docs/configuration/interfaces/pseudo-ethernet.rst @@ -45,7 +45,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: pseudo-ethernet :var1: peth0 @@ -60,6 +60,6 @@ Pseudo Ethernet/MACVLAN options VLAN ==== -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt :var0: pseudo-ethernet :var1: peth0 diff --git a/docs/configuration/interfaces/tunnel.rst b/docs/configuration/interfaces/tunnel.rst index 4b9da26b..7b1502f8 100644 --- a/docs/configuration/interfaces/tunnel.rst +++ b/docs/configuration/interfaces/tunnel.rst @@ -16,7 +16,7 @@ a closer look at the protocols and options currently supported by VyOS. Common interface configuration ------------------------------ -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt :var0: tunnel :var1: tun0 diff --git a/docs/configuration/interfaces/vxlan.rst b/docs/configuration/interfaces/vxlan.rst index 40dc5400..95f8de35 100644 --- a/docs/configuration/interfaces/vxlan.rst +++ b/docs/configuration/interfaces/vxlan.rst @@ -39,7 +39,7 @@ Configuration Common interface configuration ------------------------------ -.. cmdinclude:: ../_include/interface-common-without-dhcp.txt +.. cmdinclude:: /_include/interface-common-without-dhcp.txt :var0: vxlan :var1: vxlan0 diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index 2de3b126..82f66cf4 100644 --- a/docs/configuration/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -30,7 +30,7 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-common-with-dhcp.txt +.. cmdinclude:: /_include/interface-common-with-dhcp.txt :var0: wireless :var1: wlan0 @@ -378,14 +378,14 @@ VLAN Regular VLANs (802.1q) ---------------------- -.. cmdinclude:: ../_include/interface-vlan-8021q.txt +.. cmdinclude:: /_include/interface-vlan-8021q.txt :var0: wireless :var1: wlan0 QinQ (802.1ad) -------------- -.. cmdinclude:: ../_include/interface-vlan-8021ad.txt +.. cmdinclude:: /_include/interface-vlan-8021ad.txt :var0: wireless :var1: wlan0 diff --git a/docs/configuration/interfaces/wirelessmodem.rst b/docs/configuration/interfaces/wirelessmodem.rst index f9dfa228..a65a47f4 100644 --- a/docs/configuration/interfaces/wirelessmodem.rst +++ b/docs/configuration/interfaces/wirelessmodem.rst @@ -15,15 +15,15 @@ Configuration Common interface configuration ============================== -.. cmdinclude:: ../_include/interface-description.txt +.. cmdinclude:: /_include/interface-description.txt :var0: wirelessmodem :var1: wlm0 -.. cmdinclude:: ../_include/interface-disable.txt +.. cmdinclude:: /_include/interface-disable.txt :var0: wirelessmodem :var1: wlm0 -.. cmdinclude:: ../_include/interface-vrf.txt +.. cmdinclude:: /_include/interface-vrf.txt :var0: wirelessmodem :var1: wlm0 diff --git a/docs/configuration/nat/nptv6.rst b/docs/configuration/nat/nptv6.rst index f4e08325..c09c8336 100644 --- a/docs/configuration/nat/nptv6.rst +++ b/docs/configuration/nat/nptv6.rst @@ -1,4 +1,4 @@ -.. include:: _include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _nptv6: diff --git a/docs/configuration/policy/index.rst b/docs/configuration/policy/index.rst index 4be494e5..557911d9 100644 --- a/docs/configuration/policy/index.rst +++ b/docs/configuration/policy/index.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt ###### Policy @@ -65,7 +65,7 @@ neighbor. You now see the longer AS path. -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _routing-pbr: diff --git a/docs/contributing/debugging.rst b/docs/contributing/debugging.rst index ac2e0510..fcd62c89 100644 --- a/docs/contributing/debugging.rst +++ b/docs/contributing/debugging.rst @@ -143,4 +143,4 @@ order of the scripts. .. _vyatta-cfg: https://github.com/vyos/vyatta-cfg .. _bootchart.conf: https://github.com/vyos/vyos-build/blob/current/data/live-build-config/includes.chroot/etc/systemd/bootchart.conf -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/contributing/development.rst b/docs/contributing/development.rst index 86371845..0a7fecb5 100644 --- a/docs/contributing/development.rst +++ b/docs/contributing/development.rst @@ -711,4 +711,4 @@ http://dev.packages.vyos.net/repositories/. .. _`VLAN (VIF)`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/vif.xml.i .. _`MAC address`: https://github.com/vyos/vyos-1x/tree/current/interface-definitions/include/interface-mac.xml.i -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/contributing/documentation.rst b/docs/contributing/documentation.rst index 9dd0c495..0276a7d2 100644 --- a/docs/contributing/documentation.rst +++ b/docs/contributing/documentation.rst @@ -325,4 +325,4 @@ predefined structure. .. _reStructuredTextDirectives: https://docutils.sourceforge.io/docs/ref/rst/directives.html .. _README.md: https://github.com/vyos/vyos-documentation/blob/master/README.md -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/contributing/issues-features.rst b/docs/contributing/issues-features.rst index 60e49974..473d49d9 100644 --- a/docs/contributing/issues-features.rst +++ b/docs/contributing/issues-features.rst @@ -77,4 +77,4 @@ the left side under the specific project. .. _Slack: https://slack.vyos.io .. _Forum: https://forum.vyos.io -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst deleted file mode 100644 index 7b9bde1e..00000000 --- a/docs/interfaces/advanced-index.rst +++ /dev/null @@ -1,23 +0,0 @@ -.. _advanced_network-interfaces: - -################## -Network Interfaces -################## - -.. toctree:: - :maxdepth: 1 - - bond - bridge - dummy - ethernet - geneve - loopback - l2tpv3 - macsec - pppoe - pseudo-ethernet - tunnel - vxlan - wireless - wirelessmodem diff --git a/docs/interfaces/basic-index.rst b/docs/interfaces/basic-index.rst deleted file mode 100644 index 425792a2..00000000 --- a/docs/interfaces/basic-index.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. _basic_network-interfaces: - -######################## -Basic Network Interfaces -######################## - -.. toctree:: - :maxdepth: 1 - - ethernet - loopback - pppoe diff --git a/docs/routing/bfd.rst b/docs/routing/bfd.rst index 1d494332..b8fdf489 100644 --- a/docs/routing/bfd.rst +++ b/docs/routing/bfd.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _routing-bfd: diff --git a/docs/routing/ospf.rst b/docs/routing/ospf.rst index fe05178b..19787b11 100644 --- a/docs/routing/ospf.rst +++ b/docs/routing/ospf.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _routing-ospf: diff --git a/docs/routing/rip.rst b/docs/routing/rip.rst index 68868e37..0d73ad34 100644 --- a/docs/routing/rip.rst +++ b/docs/routing/rip.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _rip: diff --git a/docs/services/conntrack.rst b/docs/services/conntrack.rst index c361d293..55cd088e 100644 --- a/docs/services/conntrack.rst +++ b/docs/services/conntrack.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt Conntrack --------- diff --git a/docs/services/ipoe-server.rst b/docs/services/ipoe-server.rst index 3aedf966..279f0c6d 100644 --- a/docs/services/ipoe-server.rst +++ b/docs/services/ipoe-server.rst @@ -1,4 +1,4 @@ -.. include:: ../_include/need_improvement.txt +.. include:: /_include/need_improvement.txt .. _ipoe_server: @@ -146,4 +146,4 @@ The rate-limit is set in kbit/sec. -------+------------+-------------------+-------------+-----+--------+------------+--------+----------+------------------ ipoe0 | eth2 | 08:00:27:2f:d8:06 | 192.168.0.2 | | | 500/500 | active | 00:00:05 | dccc870fd31349fb -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/services/pppoe-server.rst b/docs/services/pppoe-server.rst index e710ba6a..4deb6c7e 100644 --- a/docs/services/pppoe-server.rst +++ b/docs/services/pppoe-server.rst @@ -394,4 +394,4 @@ a /56 subnet for the clients internal use. --------+----------+-------------+--------------------------+---------------------+-------------------+------------+--------+----------+----------+---------- ppp0 | test | 192.168.0.1 | 2001:db8:8002:0:200::/64 | 2001:db8:8003::1/56 | 00:53:00:12:42:eb | | active | 00:00:49 | 875 B | 2.1 KiB -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/system/lcd.rst b/docs/system/lcd.rst index 441becf5..2509946e 100644 --- a/docs/system/lcd.rst +++ b/docs/system/lcd.rst @@ -41,5 +41,5 @@ Configuration .. note:: We can't support all displays from the beginning. If your display type is missing, please create a feature request via Phabricator_. -.. include:: ../common-references.rst +.. include:: /common-references.rst diff --git a/docs/vpn/sstp.rst b/docs/vpn/sstp.rst index e5567cb6..f5e4ad05 100644 --- a/docs/vpn/sstp.rst +++ b/docs/vpn/sstp.rst @@ -344,4 +344,4 @@ A connection attempt will be shown as: .. _sstpc: https://github.com/reliablehosting/sstp-client -.. include:: ../common-references.rst +.. include:: /common-references.rst -- cgit v1.2.3